GitVenom: Fake GitHub Repositories Spreading Malware to Developers

Feb 26, 2025 | News


Overview

A newly exposed malware campaign, GitVenom, is using fake GitHub repositories to infect developers with credential-stealing malware, cryptocurrency hijackers, and remote administration tools (RATs). Researchers from Kaspersky’s Securelist uncovered the attack, revealing that malicious actors are disguising their malware as open-source projects to deceive unsuspecting developers.

How GitVenom Works

1️⃣ Fake GitHub Repositories

  • Attackers create fake open-source projects on GitHub, mimicking real tools such as:
    ✅ Instagram automation software
    ✅ Telegram Bitcoin wallet bots
    ✅ Valorant hacking tools
  • They enhance credibility by:
    ✅ Writing AI-generated README.md files with detailed descriptions
    ✅ Using SEO tactics like excessive tags
    ✅ Faking commit history by manipulating timestamps

[Figure] Excerpts from README.md pages describing fake projects (Source: Kaspersky’s Securelist)
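The credibility tricks listed above (backdated commit history, tag stuffing, a "project" that is really one account's work) all leave traces in repository metadata, which is what the "Verify Repository Authenticity" advice later in the article asks you to check. The script below is an added example, not code from the article or from Kaspersky: it runs a few of those checks over constructed data shaped like GitHub REST API responses (`created_at`, `topics`, `commit.author.date`, `commit.author.email`), entirely offline. The repository names, e-mail addresses and the 15-topic threshold are assumptions made for the example.

```python
"""
Repository-metadata triage for the signals the article lists: faked commit
history (timestamps manipulated), SEO-style topic stuffing, and a project
that is really a single account's work. Runs offline on constructed data
shaped like GitHub REST API responses; it never calls the API.
"""
from datetime import datetime

# Threshold is an assumption for this example (GitHub allows up to 20 topics).
MAX_TOPICS = 15


def parse_ts(value):
    """Parse the ISO-8601 timestamps GitHub returns, e.g. '2024-10-01T09:00:00Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def assess_repo(repo, commits, max_topics=MAX_TOPICS):
    """Return a list of (signal, detail) tuples. These are review prompts,
    not verdicts: an imported repository legitimately carries old commits."""
    signals = []
    created = parse_ts(repo["created_at"])

    # Commits authored before the repository existed on GitHub mean the
    # history was backdated or imported; with the other signals present,
    # that deserves a closer look.
    backdated = [c for c in commits
                 if parse_ts(c["commit"]["author"]["date"]) < created]
    if backdated:
        signals.append(("backdated_history",
                        f"{len(backdated)} of {len(commits)} commits predate "
                        f"repository creation ({repo['created_at']})"))

    # Every commit from one e-mail address: nobody else ever touched the code.
    authors = {c["commit"]["author"]["email"] for c in commits}
    if len(commits) >= 5 and len(authors) == 1:
        signals.append(("single_author",
                        f"all {len(commits)} commits by {next(iter(authors))}"))

    # Topic stuffing: many loosely related tags to rank in GitHub search.
    topics = repo.get("topics", [])
    if len(topics) >= max_topics:
        signals.append(("topic_stuffing", f"{len(topics)} topics set"))

    return signals


# Constructed sample data for this example (hypothetical repositories).
SUSPICIOUS_REPO = {
    "full_name": "example-org/insta-automation-tool",
    "created_at": "2024-10-01T09:00:00Z",
    "topics": [f"tag{i}" for i in range(18)],
}
SUSPICIOUS_COMMITS = [
    {"commit": {"author": {"email": "dev@example.invalid",
                           "date": f"2021-03-{day:02d}T12:00:00Z"}}}
    for day in range(1, 7)
]

CLEAN_REPO = {
    "full_name": "example-org/real-project",
    "created_at": "2020-01-15T08:30:00Z",
    "topics": ["python", "cli", "automation"],
}
CLEAN_COMMITS = [
    {"commit": {"author": {"email": "alice@example.invalid",
                           "date": "2020-02-01T10:00:00Z"}}},
    {"commit": {"author": {"email": "bob@example.invalid",
                           "date": "2020-02-03T10:00:00Z"}}},
]

if __name__ == "__main__":
    for repo, commits in ((SUSPICIOUS_REPO, SUSPICIOUS_COMMITS),
                          (CLEAN_REPO, CLEAN_COMMITS)):
        print(repo["full_name"])
        for name, detail in assess_repo(repo, commits):
            print(f"  [{name}] {detail}")
```

Against the constructed suspicious repository all three signals fire; the clean one produces none. In practice you would feed the same function the JSON from the `GET /repos/{owner}/{repo}` and `GET /repos/{owner}/{repo}/commits` endpoints and treat any hit as a reason to read the code before running it, not as proof of malice.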

2️⃣ Hidden Malicious Code

Depending on the programming language, malware is hidden differently:

  • Python: Hidden behind a run of roughly 2,000 tab characters on a single line, so the payload sits far off-screen in an editor; the hidden code decrypts and executes a secondary script
  • JavaScript: Malicious functions hidden within project files
  • C, C++, C#: Batch scripts embedded in Visual Studio project files execute during build
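Two of the three hiding techniques above are easy to spot mechanically once you know to look, and doing so is the practical form of the "Inspect Code Before Running" advice later in the article. The script below is an added example, not code from the article or from Kaspersky: it flags a Python line carrying an abnormally long run of tab characters (or a decode-then-`exec` on one line) and any build-event command in a Visual Studio project file. The sample inputs are constructed text for the example and are never executed; the 100-tab threshold and the file-extension list are assumptions.

```python
"""
Static triage for two hiding techniques the article describes: a Python line
padded with a very long run of tab characters that decodes and executes a
second-stage script, and a Visual Studio project file whose build event runs
a command at build time. The samples are constructed for this example; they
are not artifacts from the campaign.
"""
import re
from dataclasses import dataclass

# Thresholds are assumptions for this example; the report describes runs of
# roughly 2000 tabs, far beyond anything an editor would produce.
TAB_RUN_THRESHOLD = 100
EXEC_PATTERN = re.compile(r"\b(exec|eval|compile|__import__)\s*\(")
DECODE_PATTERN = re.compile(
    r"\b(b64decode|fromhex|decompress|decrypt\w*|Fernet|AES)\b", re.I)
# <Command> under PreBuildEvent/PostBuildEvent in .vcxproj, or an
# <Exec Command="..."> task in MSBuild targets (.csproj and friends).
VS_COMMAND_PATTERN = re.compile(
    r'<Command>(?P<a>.*?)</Command>|<Exec\b[^>]*\bCommand\s*=\s*"(?P<b>[^"]*)"',
    re.S | re.I)


@dataclass
class Finding:
    path: str
    line: int
    reason: str


def longest_tab_run(line):
    """Length of the longest run of consecutive tab characters in a line."""
    return max((len(m.group()) for m in re.finditer(r"\t+", line)), default=0)


def scan_python(path, text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tabs = longest_tab_run(line)
        if tabs >= TAB_RUN_THRESHOLD:
            findings.append(Finding(path, lineno,
                                    f"{tabs} consecutive tabs push code off-screen"))
        # Decoding and executing in one statement is the classic loader shape.
        if EXEC_PATTERN.search(line) and DECODE_PATTERN.search(line):
            findings.append(Finding(path, lineno, "decode-then-execute on one line"))
    return findings


def scan_vs_project(path, text):
    """Any command that runs as part of the build deserves a human read."""
    findings = []
    for m in VS_COMMAND_PATTERN.finditer(text):
        cmd = (m.group("a") or m.group("b") or "").strip()
        lineno = text.count("\n", 0, m.start()) + 1
        findings.append(Finding(path, lineno, f"build event runs a command: {cmd[:60]}"))
    return findings


def scan_file(path, text):
    lower = path.lower()
    if lower.endswith(".py"):
        return scan_python(path, text)
    if lower.endswith((".vcxproj", ".csproj", ".props", ".targets")):
        return scan_vs_project(path, text)
    return []


# Constructed samples for this example; they are inspected as text only.
SAMPLE_PY = (
    "import base64\n"
    "def greet(name):\n"
    "    return f'hello {name}'\n"
    "print(greet('dev'))" + "\t" * 2000 + ";exec(base64.b64decode(PAYLOAD))\n"
)
SAMPLE_CLEAN_PY = "import json\nprint(json.dumps({'ok': True}))\n"
SAMPLE_VCXPROJ = """<Project>
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>cmd.exe /c echo constructed-build-step</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
</Project>
"""

if __name__ == "__main__":
    for name, text in (("tool.py", SAMPLE_PY), ("util.py", SAMPLE_CLEAN_PY),
                       ("tool.vcxproj", SAMPLE_VCXPROJ)):
        for f in scan_file(name, text):
            print(f"{f.path}:{f.line}: {f.reason}")
```

Run this over a cloned repository before building it: a `git ls-files` loop feeding `scan_file` is enough. The tab check is the one worth keeping even if you tune nothing else, because a 2,000-character run of whitespace has no legitimate reason to exist in source code.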

3️⃣ Malware Payloads and Data Theft

Once executed, the malware downloads additional components from attacker-controlled GitHub repositories, including:

  • Node.js-based infostealers – Extract passwords, banking details, crypto wallets, and browser history
  • AsyncRAT & Quasar RAT – Grant remote control over infected systems
  • Clipboard Hijacker – Replaces copied crypto wallet addresses with attacker-controlled addresses
    🔴 At least 5 BTC (~$485,000 USD) were stolen in November 2024


Global Reach & Developer Targets

GitVenom has been active for over two years, with infection attempts worldwide, especially in:
🌍 Russia
🌍 Brazil
🌍 Turkey

With code-sharing platforms like GitHub growing in popularity, attackers will continue using fake repositories to target developers.




How to Protect Yourself

  • Verify Repository Authenticity: Check contributor history and activity before using unknown projects
  • Inspect Code Before Running: Manually review scripts for suspicious execution commands
  • Monitor Clipboard Activity: Be cautious when copying and pasting cryptocurrency wallet addresses
  • Use Endpoint Security: Protect systems with anti-malware tools that detect RATs and infostealers

Source: hackread.com